Initial commit

Author: SAERXCIT

EnableParentPriv.sln

@@ -0,0 +1,31 @@
+
+Microsoft Visual Studio Solution File, Format Version 12.00
+# Visual Studio Version 17
+VisualStudioVersion = 17.5.33627.172
+MinimumVisualStudioVersion = 10.0.40219.1
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "EnableParentPriv", "EnableParentPriv.vcxproj", "{7FECF06F-6FAA-46C1-93BB-00831F6BE5D9}"
+EndProject
+Global
+	GlobalSection(SolutionConfigurationPlatforms) = preSolution
+		Debug|x64 = Debug|x64
+		Debug|x86 = Debug|x86
+		Release|x64 = Release|x64
+		Release|x86 = Release|x86
+	EndGlobalSection
+	GlobalSection(ProjectConfigurationPlatforms) = postSolution
+		{7FECF06F-6FAA-46C1-93BB-00831F6BE5D9}.Debug|x64.ActiveCfg = Debug|x64
+		{7FECF06F-6FAA-46C1-93BB-00831F6BE5D9}.Debug|x64.Build.0 = Debug|x64
+		{7FECF06F-6FAA-46C1-93BB-00831F6BE5D9}.Debug|x86.ActiveCfg = Debug|Win32
+		{7FECF06F-6FAA-46C1-93BB-00831F6BE5D9}.Debug|x86.Build.0 = Debug|Win32
+		{7FECF06F-6FAA-46C1-93BB-00831F6BE5D9}.Release|x64.ActiveCfg = Release|x64
+		{7FECF06F-6FAA-46C1-93BB-00831F6BE5D9}.Release|x64.Build.0 = Release|x64
+		{7FECF06F-6FAA-46C1-93BB-00831F6BE5D9}.Release|x86.ActiveCfg = Release|Win32
+		{7FECF06F-6FAA-46C1-93BB-00831F6BE5D9}.Release|x86.Build.0 = Release|Win32
+	EndGlobalSection
+	GlobalSection(SolutionProperties) = preSolution
+		HideSolutionNode = FALSE
+	EndGlobalSection
+	GlobalSection(ExtensibilityGlobals) = postSolution
+		SolutionGuid = {057EA694-C45A-44E6-8807-42762EEC57DE}
+	EndGlobalSection
+EndGlobal

EnableParentPriv.vcxproj

@@ -0,0 +1,139 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|x64">
+      <Configuration>Debug</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|x64">
+      <Configuration>Release</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <VCProjectVersion>16.0</VCProjectVersion>
+    <Keyword>Win32Proj</Keyword>
+    <ProjectGuid>{7fecf06f-6faa-46c1-93bb-00831f6be5d9}</ProjectGuid>
+    <RootNamespace>EnableParentPriv</RootNamespace>
+    <WindowsTargetPlatformVersion>10.0</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v143</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v143</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v143</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v143</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="Shared">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <SDLCheck>true</SDLCheck>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <ConformanceMode>true</ConformanceMode>
+      <RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <SDLCheck>true</SDLCheck>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <ConformanceMode>true</ConformanceMode>
+      <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <SDLCheck>true</SDLCheck>
+      <PreprocessorDefinitions>_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <ConformanceMode>true</ConformanceMode>
+      <RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <SDLCheck>true</SDLCheck>
+      <PreprocessorDefinitions>NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <ConformanceMode>true</ConformanceMode>
+      <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <ClCompile Include="main.c" />
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>

EnableParentPriv.vcxproj.filters

@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="Source Files">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="Header Files">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd</Extensions>
+    </Filter>
+    <Filter Include="Resource Files">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="main.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+  </ItemGroup>
+</Project>

EnableParentPriv.vcxproj.user

@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="Current" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <PropertyGroup />
+</Project>

main.c

@@ -0,0 +1,147 @@
+#include <Windows.h>h
+#include <stdio.h>
+#include <shlwapi.h>
+#include <tlhelp32.h>
+
+#pragma comment(lib, "shlwapi.lib")
+
+int main(int argc, char** argv) {
+
+	if (argc < 2) {
+
+		printf("%s enables the requested privilege in its parent process: the shell calling it\n", argv[0]);
+		printf("Usage: %s <privilege_number>\n\nPrivilege list: (source https://github.com/gentilkiwi/mimikatz/blob/master/mimikatz/modules/kuhl_m_privilege.h)\n", argv[0]);
+		printf("SE_CREATE_TOKEN             2\n\
+SE_ASSIGNPRIMARYTOKEN       3\n\
+SE_LOCK_MEMORY              4\n\
+SE_INCREASE_QUOTA           5\n\
+SE_UNSOLICITED_INPUT        6\n\
+SE_TCB                      7\n\
+SE_SECURITY                 8\n\
+SE_TAKE_OWNERSHIP           9\n\
+SE_LOAD_DRIVER              10\n\
+SE_SYSTEM_PROFILE           11\n\
+SE_SYSTEMTIME               12\n\
+SE_PROF_SINGLE_PROCESS      13\n\
+SE_INC_BASE_PRIORITY        14\n\
+SE_CREATE_PAGEFILE          15\n\
+SE_CREATE_PERMANENT         16\n\
+SE_BACKUP                   17\n\
+SE_RESTORE                  18\n\
+SE_SHUTDOWN                 19\n\
+SE_DEBUG                    20\n\
+SE_AUDIT                    21\n\
+SE_SYSTEM_ENVIRONMENT       22\n\
+SE_CHANGE_NOTIFY            23\n\
+SE_REMOTE_SHUTDOWN          24\n\
+SE_UNDOCK                   25\n\
+SE_SYNC_AGENT               26\n\
+SE_ENABLE_DELEGATION        27\n\
+SE_MANAGE_VOLUME            28\n\
+SE_IMPERSONATE              29\n\
+SE_CREATE_GLOBAL            30\n\
+SE_TRUSTED_CREDMAN_ACCESS   31\n\
+SE_RELABEL                  32\n\
+SE_INC_WORKING_SET          33\n\
+SE_TIME_ZONE                34\n\
+SE_CREATE_SYMBOLIC_LINK     35\n");
+		return -1;
+
+	}
+	
+	int iPrivId = 0;
+	int iRet = 0;
+	HANDLE hToken = NULL;
+	HANDLE hParentProcess = NULL;
+	TOKEN_PRIVILEGES sctTokPriv = { 0 };
+	HANDLE hSnapshot = NULL;
+	PROCESSENTRY32W sctPe32 = { 0 };
+	sctPe32.dwSize = sizeof(PROCESSENTRY32W);
+	DWORD dwCurrentPid = GetCurrentProcessId();
+	DWORD dwParentPid = 0;
+
+
+	if (!StrToIntExA(argv[1], STIF_DEFAULT, &iPrivId) || iPrivId < 2 || iPrivId > 35) {
+
+		printf("[-] Invalid privilege id: %s\n", argv[1]);
+		iRet = -1; goto _EndOfFunc;
+
+	}
+
+	hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
+	if (hSnapshot == INVALID_HANDLE_VALUE) {
+
+		printf("[-] CreateToolhelp32Snapshot Failed With Error : %d \n", GetLastError());
+		iRet = -1; goto _EndOfFunc;
+	}
+
+	if (Process32First(hSnapshot, &sctPe32)) {
+
+		do {
+			if (sctPe32.th32ProcessID == dwCurrentPid) {
+				dwParentPid = sctPe32.th32ParentProcessID;
+				break;
+			}
+		} while (Process32Next(hSnapshot, &sctPe32));
+
+	}
+	else {
+
+		printf("[!] Process32First Failed With Error : %d \n", GetLastError());
+		iRet = -1; goto _EndOfFunc;
+
+	}
+
+	if (dwParentPid == 0) {
+
+		printf("[-] Could not find parent PID\n");
+		iRet = -1; goto _EndOfFunc;
+
+	}
+
+	hParentProcess = OpenProcess(PROCESS_QUERY_LIMITED_INFORMATION, FALSE, dwParentPid);
+	if (hParentProcess == NULL) {
+
+		printf("[-] Error opening parent process with PROCESS_QUERY_LIMITED_INFORMATION: %d\n", GetLastError());
+		iRet = -1; goto _EndOfFunc;
+
+	}
+
+	if (!OpenProcessToken(hParentProcess, TOKEN_ADJUST_PRIVILEGES, &hToken)) {
+
+		printf("[-] Error opening parent process token with TOKEN_ADJUST_PRIVILEGES: %d\n", GetLastError());
+		iRet = -1; goto _EndOfFunc;
+
+	}
+
+	sctTokPriv.PrivilegeCount = 1;
+	sctTokPriv.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
+	sctTokPriv.Privileges[0].Luid.LowPart = iPrivId;
+	sctTokPriv.Privileges[0].Luid.HighPart = 0;
+
+	if (!AdjustTokenPrivileges(hToken, FALSE, &sctTokPriv, sizeof(TOKEN_PRIVILEGES), NULL, NULL)) {
+
+		printf("[-] Error adjusting token privilege: %d\n", GetLastError());
+		iRet = -1; goto _EndOfFunc;
+
+	}
+	else if (GetLastError() == ERROR_NOT_ALL_ASSIGNED) {
+
+		printf("[-] Current token does not have the requested privilege\n");
+		iRet = -1; goto _EndOfFunc;
+
+	}
+
+	printf("[+] Success enabling requested privilege!\n");
+
+_EndOfFunc:
+	if(hParentProcess && hParentProcess != INVALID_HANDLE_VALUE)
+		CloseHandle(hParentProcess);
+	if (hSnapshot && hSnapshot != INVALID_HANDLE_VALUE)
+		CloseHandle(hSnapshot);
+	if (hToken && hToken != INVALID_HANDLE_VALUE)
+		CloseHandle(hToken);
+
+	return iRet;
+
+}